nuclei/pkg/reporting/trackers/jira/jira_test.go

package jira

import (
	"strings"
	"testing"

	"github.com/projectdiscovery/nuclei/v3/pkg/model"
	"github.com/projectdiscovery/nuclei/v3/pkg/model/types/severity"
	"github.com/projectdiscovery/nuclei/v3/pkg/model/types/stringslice"
	"github.com/projectdiscovery/nuclei/v3/pkg/output"
	"github.com/projectdiscovery/nuclei/v3/pkg/reporting/trackers/filters"
	"github.com/stretchr/testify/require"
)

func TestLinkCreation(t *testing.T) {
	jiraIntegration := &Integration{}
	link := jiraIntegration.CreateLink("ProjectDiscovery", "https://projectdiscovery.io")
	require.Equal(t, "[ProjectDiscovery|https://projectdiscovery.io]", link)
}

func TestHorizontalLineCreation(t *testing.T) {
	jiraIntegration := &Integration{}
	horizontalLine := jiraIntegration.CreateHorizontalLine()
	require.True(t, strings.Contains(horizontalLine, "----"))
}

func TestTableCreation(t *testing.T) {
	jiraIntegration := &Integration{}

	table, err := jiraIntegration.CreateTable([]string{"key", "value"}, [][]string{
		{"a", "b"},
		{"c"},
		{"d", "e"},
	})

	require.Nil(t, err)
	expected := `| key | value |
| a | b |
| c |  |
| d | e |
`
	require.Equal(t, expected, table)
}

func Test_ShouldFilter_Tracker(t *testing.T) {
	jiraIntegration := &Integration{
		options: &Options{AllowList: &filters.Filter{
			Severities: severity.Severities{severity.Critical},
		}},
	}

	require.False(t, jiraIntegration.ShouldFilter(&output.ResultEvent{Info: model.Info{
		SeverityHolder: severity.Holder{Severity: severity.Info},
	}}))
	require.True(t, jiraIntegration.ShouldFilter(&output.ResultEvent{Info: model.Info{
		SeverityHolder: severity.Holder{Severity: severity.Critical},
	}}))

	t.Run("deny-list", func(t *testing.T) {
		jiraIntegration := &Integration{
			options: &Options{DenyList: &filters.Filter{
				Severities: severity.Severities{severity.Critical},
			}},
		}

		require.True(t, jiraIntegration.ShouldFilter(&output.ResultEvent{Info: model.Info{
			SeverityHolder: severity.Holder{Severity: severity.Info},
		}}))
		require.False(t, jiraIntegration.ShouldFilter(&output.ResultEvent{Info: model.Info{
			SeverityHolder: severity.Holder{Severity: severity.Critical},
		}}))
	})
}

func TestTemplateEvaluation(t *testing.T) {
	event := &output.ResultEvent{
		Host: "example.com",
		Info: model.Info{
			Name:           "Test vulnerability",
			SeverityHolder: severity.Holder{Severity: severity.Critical},
			Classification: &model.Classification{
				CVSSScore:   9.8,
				CVEID:       stringslice.StringSlice{Value: []string{"CVE-2023-1234"}},
				CWEID:       stringslice.StringSlice{Value: []string{"CWE-79"}},
				CVSSMetrics: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
			},
		},
	}

	integration := &Integration{}

	t.Run("conditional template", func(t *testing.T) {
		templateStr := `{{if eq .Severity "critical"}}11187{{else if eq .Severity "high"}}11186{{else if eq .Severity "medium"}}11185{{else}}11184{{end}}`
		result, err := integration.evaluateCustomFieldValue(templateStr, buildTemplateContext(event), event)
		require.NoError(t, err)
		require.Equal(t, "11187", result)
	})

	t.Run("freeform description template", func(t *testing.T) {
		templateStr := `Vulnerability detected by Nuclei. Name: {{.Name}}, Severity: {{.Severity}}, Host: {{.Host}}`
		result, err := integration.evaluateCustomFieldValue(templateStr, buildTemplateContext(event), event)
		require.NoError(t, err)
		expected := "Vulnerability detected by Nuclei. Name: Test vulnerability, Severity: critical, Host: example.com"
		require.Equal(t, expected, result)
	})

	t.Run("legacy variable syntax", func(t *testing.T) {
		result, err := integration.evaluateCustomFieldValue("$Severity", buildTemplateContext(event), event)
		require.NoError(t, err)
		require.Equal(t, "critical", result)

		result, err = integration.evaluateCustomFieldValue("$Host", buildTemplateContext(event), event)
		require.NoError(t, err)
		require.Equal(t, "example.com", result)
	})

	t.Run("complex template with conditionals", func(t *testing.T) {
		templateStr := `{{.Name}} on {{.Host}}
{{if .CVSSScore}}CVSS: {{.CVSSScore}}{{end}}
{{if eq .Severity "critical"}}⚠️ CRITICAL{{else}}Standard{{end}}`
		result, err := integration.evaluateCustomFieldValue(templateStr, buildTemplateContext(event), event)
		require.NoError(t, err)
		require.Contains(t, result, "Test vulnerability on example.com")
		require.Contains(t, result, "CVSS: 9.80")
		require.Contains(t, result, "⚠️ CRITICAL")
	})

	t.Run("no template syntax", func(t *testing.T) {
		result, err := integration.evaluateCustomFieldValue("plain text", buildTemplateContext(event), event)
		require.NoError(t, err)
		require.Equal(t, "plain text", result)
	})

	t.Run("template functions", func(t *testing.T) {
		// Test case conversion functions
		result, err := integration.evaluateCustomFieldValue("{{.Severity | upper}}", buildTemplateContext(event), event)
		require.NoError(t, err)
		require.Equal(t, "CRITICAL", result)

		result, err = integration.evaluateCustomFieldValue("{{.Name | lower}}", buildTemplateContext(event), event)
		require.NoError(t, err)
		require.Equal(t, "test vulnerability", result)

		result, err = integration.evaluateCustomFieldValue("{{.Name | title}}", buildTemplateContext(event), event)
		require.NoError(t, err)
		require.Equal(t, "Test Vulnerability", result)

		// Test string check functions
		result, err = integration.evaluateCustomFieldValue(`{{if contains .Name "Test"}}has-test{{else}}no-test{{end}}`, buildTemplateContext(event), event)
		require.NoError(t, err)
		require.Equal(t, "has-test", result)

		result, err = integration.evaluateCustomFieldValue(`{{if hasPrefix .Host "example"}}starts-with-example{{else}}other{{end}}`, buildTemplateContext(event), event)
		require.NoError(t, err)
		require.Equal(t, "starts-with-example", result)

		result, err = integration.evaluateCustomFieldValue(`{{if hasSuffix .Host ".com"}}ends-with-com{{else}}other{{end}}`, buildTemplateContext(event), event)
		require.NoError(t, err)
		require.Equal(t, "ends-with-com", result)

		// Test string manipulation functions
		result, err = integration.evaluateCustomFieldValue(`{{replace .Name " " "-"}}`, buildTemplateContext(event), event)
		require.NoError(t, err)
		require.Equal(t, "Test-vulnerability", result)

		result, err = integration.evaluateCustomFieldValue(`{{trimSpace " test "}}`, buildTemplateContext(event), event)
		require.NoError(t, err)
		require.Equal(t, "test", result)

		result, err = integration.evaluateCustomFieldValue(`{{trim "...test..." "."}}`, buildTemplateContext(event), event)
		require.NoError(t, err)
		require.Equal(t, "test", result)

		// Test split and join functions
		result, err = integration.evaluateCustomFieldValue(`{{join (split .Name " ") "-"}}`, buildTemplateContext(event), event)
		require.NoError(t, err)
		require.Equal(t, "Test-vulnerability", result)
	})

	t.Run("complex template with functions", func(t *testing.T) {
		templateStr := `{{.Name | upper}} on {{.Host}}
{{if contains .Name "SQL"}}SQL-INJECTION{{else if contains .Name "XSS"}}XSS-ATTACK{{else}}OTHER{{end}}
Priority: {{if eq .Severity "critical"}}{{.Severity | upper}}{{else}}{{.Severity}}{{end}}`
		result, err := integration.evaluateCustomFieldValue(templateStr, buildTemplateContext(event), event)
		require.NoError(t, err)
		require.Contains(t, result, "TEST VULNERABILITY on example.com", result)
		require.Contains(t, result, "OTHER")
		require.Contains(t, result, "CRITICAL")
	})
}
-												fix(reporting): Markdown and Jira exporter fixes (#3849)

* fix(reporting): Markdown and Jira exporter fixes

* removed the code duplication between the Markdown and Jira exporter
* markdown requires at least 3 dashes in the cells to separate headers from contents in a table
* fixed the Jira link creation in the description
* Jira requires at least 4 dashes for a horizontal line
* added tests
* Jira doesn't use dashed separators between table headers and contents

* fix(reporting): Markdown and Jira exporter fixes

* satisfying the linter

* minor syntax changes

---------

Co-authored-by: Mzack9999 <mzack9999@protonmail.com>
											
										
										
											2023-06-22 14:27:32 +03:00
+								package jira
 								import (
 									"strings"
 									"testing"
-												merging caches + removing import cycle via type any

											
										
										
											2024-03-13 02:27:15 +01:00
-												fix: fixed individual per tracker reporting filters (#5297)

* fix: fixed individual per tracker reporting filters

* added test case
											
										
										
											2024-06-16 19:14:43 +05:30
+									"github.com/projectdiscovery/nuclei/v3/pkg/model"
 									"github.com/projectdiscovery/nuclei/v3/pkg/model/types/severity"
-												feat: added new text/template syntax to jira custom fields

											
										
										
											2025-09-10 16:51:20 +05:30
+									"github.com/projectdiscovery/nuclei/v3/pkg/model/types/stringslice"
-												fix: fixed individual per tracker reporting filters (#5297)

* fix: fixed individual per tracker reporting filters

* added test case
											
										
										
											2024-06-16 19:14:43 +05:30
+									"github.com/projectdiscovery/nuclei/v3/pkg/output"
 									"github.com/projectdiscovery/nuclei/v3/pkg/reporting/trackers/filters"
-												merging caches + removing import cycle via type any

											
										
										
											2024-03-13 02:27:15 +01:00
+									"github.com/stretchr/testify/require"
-												fix(reporting): Markdown and Jira exporter fixes (#3849)

* fix(reporting): Markdown and Jira exporter fixes

* removed the code duplication between the Markdown and Jira exporter
* markdown requires at least 3 dashes in the cells to separate headers from contents in a table
* fixed the Jira link creation in the description
* Jira requires at least 4 dashes for a horizontal line
* added tests
* Jira doesn't use dashed separators between table headers and contents

* fix(reporting): Markdown and Jira exporter fixes

* satisfying the linter

* minor syntax changes

---------

Co-authored-by: Mzack9999 <mzack9999@protonmail.com>
											
										
										
											2023-06-22 14:27:32 +03:00
+								)
 								func TestLinkCreation(t *testing.T) {
 									jiraIntegration := &Integration{}
 									link := jiraIntegration.CreateLink("ProjectDiscovery", "https://projectdiscovery.io")
-												merging caches + removing import cycle via type any

											
										
										
											2024-03-13 02:27:15 +01:00
+									require.Equal(t, "[ProjectDiscovery|https://projectdiscovery.io]", link)
-												fix(reporting): Markdown and Jira exporter fixes (#3849)

* fix(reporting): Markdown and Jira exporter fixes

* removed the code duplication between the Markdown and Jira exporter
* markdown requires at least 3 dashes in the cells to separate headers from contents in a table
* fixed the Jira link creation in the description
* Jira requires at least 4 dashes for a horizontal line
* added tests
* Jira doesn't use dashed separators between table headers and contents

* fix(reporting): Markdown and Jira exporter fixes

* satisfying the linter

* minor syntax changes

---------

Co-authored-by: Mzack9999 <mzack9999@protonmail.com>
											
										
										
											2023-06-22 14:27:32 +03:00
+								}
 								func TestHorizontalLineCreation(t *testing.T) {
 									jiraIntegration := &Integration{}
 									horizontalLine := jiraIntegration.CreateHorizontalLine()
-												merging caches + removing import cycle via type any

											
										
										
											2024-03-13 02:27:15 +01:00
+									require.True(t, strings.Contains(horizontalLine, "----"))
-												fix(reporting): Markdown and Jira exporter fixes (#3849)

* fix(reporting): Markdown and Jira exporter fixes

* removed the code duplication between the Markdown and Jira exporter
* markdown requires at least 3 dashes in the cells to separate headers from contents in a table
* fixed the Jira link creation in the description
* Jira requires at least 4 dashes for a horizontal line
* added tests
* Jira doesn't use dashed separators between table headers and contents

* fix(reporting): Markdown and Jira exporter fixes

* satisfying the linter

* minor syntax changes

---------

Co-authored-by: Mzack9999 <mzack9999@protonmail.com>
											
										
										
											2023-06-22 14:27:32 +03:00
+								}
 								func TestTableCreation(t *testing.T) {
 									jiraIntegration := &Integration{}
 									table, err := jiraIntegration.CreateTable([]string{"key", "value"}, [][]string{
 										{"a", "b"},
 										{"c"},
 										{"d", "e"},
 									})
-												merging caches + removing import cycle via type any

											
										
										
											2024-03-13 02:27:15 +01:00
+									require.Nil(t, err)
-												fix(reporting): Markdown and Jira exporter fixes (#3849)

* fix(reporting): Markdown and Jira exporter fixes

* removed the code duplication between the Markdown and Jira exporter
* markdown requires at least 3 dashes in the cells to separate headers from contents in a table
* fixed the Jira link creation in the description
* Jira requires at least 4 dashes for a horizontal line
* added tests
* Jira doesn't use dashed separators between table headers and contents

* fix(reporting): Markdown and Jira exporter fixes

* satisfying the linter

* minor syntax changes

---------

Co-authored-by: Mzack9999 <mzack9999@protonmail.com>
											
										
										
											2023-06-22 14:27:32 +03:00
+									expected := `| key | value |
 								| a | b |
 								| c |  |
 								| d | e |
 								`
-												merging caches + removing import cycle via type any

											
										
										
											2024-03-13 02:27:15 +01:00
+									require.Equal(t, expected, table)
-												fix(reporting): Markdown and Jira exporter fixes (#3849)

* fix(reporting): Markdown and Jira exporter fixes

* removed the code duplication between the Markdown and Jira exporter
* markdown requires at least 3 dashes in the cells to separate headers from contents in a table
* fixed the Jira link creation in the description
* Jira requires at least 4 dashes for a horizontal line
* added tests
* Jira doesn't use dashed separators between table headers and contents

* fix(reporting): Markdown and Jira exporter fixes

* satisfying the linter

* minor syntax changes

---------

Co-authored-by: Mzack9999 <mzack9999@protonmail.com>
											
										
										
											2023-06-22 14:27:32 +03:00
+								}
-												fix: fixed individual per tracker reporting filters (#5297)

* fix: fixed individual per tracker reporting filters

* added test case
											
										
										
											2024-06-16 19:14:43 +05:30
 								func Test_ShouldFilter_Tracker(t *testing.T) {
 									jiraIntegration := &Integration{
 										options: &Options{AllowList: &filters.Filter{
 											Severities: severity.Severities{severity.Critical},
 										}},
 									}
 									require.False(t, jiraIntegration.ShouldFilter(&output.ResultEvent{Info: model.Info{
 										SeverityHolder: severity.Holder{Severity: severity.Info},
 									}}))
 									require.True(t, jiraIntegration.ShouldFilter(&output.ResultEvent{Info: model.Info{
 										SeverityHolder: severity.Holder{Severity: severity.Critical},
 									}}))
 									t.Run("deny-list", func(t *testing.T) {
 										jiraIntegration := &Integration{
 											options: &Options{DenyList: &filters.Filter{
 												Severities: severity.Severities{severity.Critical},
 											}},
 										}
 										require.True(t, jiraIntegration.ShouldFilter(&output.ResultEvent{Info: model.Info{
 											SeverityHolder: severity.Holder{Severity: severity.Info},
 										}}))
 										require.False(t, jiraIntegration.ShouldFilter(&output.ResultEvent{Info: model.Info{
 											SeverityHolder: severity.Holder{Severity: severity.Critical},
 										}}))
 									})
 								}
-												feat: added new text/template syntax to jira custom fields

											
										
										
											2025-09-10 16:51:20 +05:30
 								func TestTemplateEvaluation(t *testing.T) {
 									event := &output.ResultEvent{
 										Host: "example.com",
 										Info: model.Info{
-												feat: added additional text/template helpers

											
										
										
											2025-09-10 17:32:43 +05:30
+											Name:           "Test vulnerability",
-												feat: added new text/template syntax to jira custom fields

											
										
										
											2025-09-10 16:51:20 +05:30
+											SeverityHolder: severity.Holder{Severity: severity.Critical},
 											Classification: &model.Classification{
 												CVSSScore:   9.8,
 												CVEID:       stringslice.StringSlice{Value: []string{"CVE-2023-1234"}},
 												CWEID:       stringslice.StringSlice{Value: []string{"CWE-79"}},
 												CVSSMetrics: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
 											},
 										},
 									}
 									integration := &Integration{}
 									t.Run("conditional template", func(t *testing.T) {
 										templateStr := `{{if eq .Severity "critical"}}11187{{else if eq .Severity "high"}}11186{{else if eq .Severity "medium"}}11185{{else}}11184{{end}}`
 										result, err := integration.evaluateCustomFieldValue(templateStr, buildTemplateContext(event), event)
 										require.NoError(t, err)
 										require.Equal(t, "11187", result)
 									})
 									t.Run("freeform description template", func(t *testing.T) {
 										templateStr := `Vulnerability detected by Nuclei. Name: {{.Name}}, Severity: {{.Severity}}, Host: {{.Host}}`
 										result, err := integration.evaluateCustomFieldValue(templateStr, buildTemplateContext(event), event)
 										require.NoError(t, err)
-												feat: added additional text/template helpers

											
										
										
											2025-09-10 17:32:43 +05:30
+										expected := "Vulnerability detected by Nuclei. Name: Test vulnerability, Severity: critical, Host: example.com"
-												feat: added new text/template syntax to jira custom fields

											
										
										
											2025-09-10 16:51:20 +05:30
+										require.Equal(t, expected, result)
 									})
 									t.Run("legacy variable syntax", func(t *testing.T) {
 										result, err := integration.evaluateCustomFieldValue("$Severity", buildTemplateContext(event), event)
 										require.NoError(t, err)
 										require.Equal(t, "critical", result)
 										result, err = integration.evaluateCustomFieldValue("$Host", buildTemplateContext(event), event)
 										require.NoError(t, err)
 										require.Equal(t, "example.com", result)
 									})
 									t.Run("complex template with conditionals", func(t *testing.T) {
 										templateStr := `{{.Name}} on {{.Host}}
 								{{if .CVSSScore}}CVSS: {{.CVSSScore}}{{end}}
 								{{if eq .Severity "critical"}}⚠️ CRITICAL{{else}}Standard{{end}}`
 										result, err := integration.evaluateCustomFieldValue(templateStr, buildTemplateContext(event), event)
 										require.NoError(t, err)
-												feat: added additional text/template helpers

											
										
										
											2025-09-10 17:32:43 +05:30
+										require.Contains(t, result, "Test vulnerability on example.com")
-												feat: added new text/template syntax to jira custom fields

											
										
										
											2025-09-10 16:51:20 +05:30
+										require.Contains(t, result, "CVSS: 9.80")
 										require.Contains(t, result, "⚠️ CRITICAL")
 									})
 									t.Run("no template syntax", func(t *testing.T) {
 										result, err := integration.evaluateCustomFieldValue("plain text", buildTemplateContext(event), event)
 										require.NoError(t, err)
 										require.Equal(t, "plain text", result)
 									})
-												feat: added additional text/template helpers

											
										
										
											2025-09-10 17:32:43 +05:30
 									t.Run("template functions", func(t *testing.T) {
 										// Test case conversion functions
 										result, err := integration.evaluateCustomFieldValue("{{.Severity | upper}}", buildTemplateContext(event), event)
 										require.NoError(t, err)
 										require.Equal(t, "CRITICAL", result)
 										result, err = integration.evaluateCustomFieldValue("{{.Name | lower}}", buildTemplateContext(event), event)
 										require.NoError(t, err)
 										require.Equal(t, "test vulnerability", result)
 										result, err = integration.evaluateCustomFieldValue("{{.Name | title}}", buildTemplateContext(event), event)
 										require.NoError(t, err)
 										require.Equal(t, "Test Vulnerability", result)
 										// Test string check functions
 										result, err = integration.evaluateCustomFieldValue(`{{if contains .Name "Test"}}has-test{{else}}no-test{{end}}`, buildTemplateContext(event), event)
 										require.NoError(t, err)
 										require.Equal(t, "has-test", result)
 										result, err = integration.evaluateCustomFieldValue(`{{if hasPrefix .Host "example"}}starts-with-example{{else}}other{{end}}`, buildTemplateContext(event), event)
 										require.NoError(t, err)
 										require.Equal(t, "starts-with-example", result)
 										result, err = integration.evaluateCustomFieldValue(`{{if hasSuffix .Host ".com"}}ends-with-com{{else}}other{{end}}`, buildTemplateContext(event), event)
 										require.NoError(t, err)
 										require.Equal(t, "ends-with-com", result)
 										// Test string manipulation functions
 										result, err = integration.evaluateCustomFieldValue(`{{replace .Name " " "-"}}`, buildTemplateContext(event), event)
 										require.NoError(t, err)
 										require.Equal(t, "Test-vulnerability", result)
 										result, err = integration.evaluateCustomFieldValue(`{{trimSpace " test "}}`, buildTemplateContext(event), event)
 										require.NoError(t, err)
 										require.Equal(t, "test", result)
 										result, err = integration.evaluateCustomFieldValue(`{{trim "...test..." "."}}`, buildTemplateContext(event), event)
 										require.NoError(t, err)
 										require.Equal(t, "test", result)
 										// Test split and join functions
 										result, err = integration.evaluateCustomFieldValue(`{{join (split .Name " ") "-"}}`, buildTemplateContext(event), event)
 										require.NoError(t, err)
 										require.Equal(t, "Test-vulnerability", result)
 									})
 									t.Run("complex template with functions", func(t *testing.T) {
 										templateStr := `{{.Name | upper}} on {{.Host}}
 								{{if contains .Name "SQL"}}SQL-INJECTION{{else if contains .Name "XSS"}}XSS-ATTACK{{else}}OTHER{{end}}
 								Priority: {{if eq .Severity "critical"}}{{.Severity | upper}}{{else}}{{.Severity}}{{end}}`
 										result, err := integration.evaluateCustomFieldValue(templateStr, buildTemplateContext(event), event)
 										require.NoError(t, err)
 										require.Contains(t, result, "TEST VULNERABILITY on example.com", result)
 										require.Contains(t, result, "OTHER")
 										require.Contains(t, result, "CRITICAL")
 									})
-												feat: added new text/template syntax to jira custom fields

											
										
										
											2025-09-10 16:51:20 +05:30
+								}